Pulumi Go SDK for GCP: failed to destroy SQL server


Question


I am using the Pulumi Go SDK. When I try to destroy a stack where I provisioned a new SQL DatabaseInstance, Database, password and user, I get this error message:

21:00:33  [2022-07-05T18:00:33.872Z] Diagnostics:
21:00:33  [2022-07-05T18:00:33.874Z]   gcp:sql:User (gcp-test02-user:myuser):
21:00:33  [2022-07-05T18:00:33.875Z]     error: deleting urn:pulumi:us-east4-gcp-test02::cluster::gcp:myuser/sql:Database$gcp:sql/user:User::gcp-test02-user:myuser: 1 error occurred:
21:00:33  [2022-07-05T18:00:33.876Z]     	* Error, failed to deleteuser myuser in instance gcp-test02-1b95d9a: googleapi: Error 400: Invalid request: failed to delete user myuser: . role "myuser" cannot be dropped because some objects depend on it Details: 640 objects in database mydatabases., invalid
21:00:33  [2022-07-05T18:00:33.877Z]  
21:00:33  [2022-07-05T18:00:33.877Z]   gcp:sql:Database (gcp-test02-db:mydatabases):
21:00:33  [2022-07-05T18:00:33.879Z]     error: deleting urn:pulumi:us-east4-auto-mgmt-console-gcp-test02::cluster::gcp:myuser/sql:Database$gcp:sql/database:Database::gcp-test02-db:mydatabases: 1 error occurred:
21:00:33  [2022-07-05T18:00:33.880Z]     	* Error when reading or editing Database: googleapi: Error 400: Invalid request: failed to delete database "sentinellabs". Detail: pq: database "sentinellabs" is being accessed by other users. (Please use psql client to delete database that is not owned by "cloudsqlsuperuser")., invalid
21:00:33  [2022-07-05T18:00:33.881Z]  
21:00:33  [2022-07-05T18:00:33.881Z]   pulumi:pulumi:Stack (cluster-us-east4-auto-mgmt-console-gcp-test02):
21:00:33  [2022-07-05T18:00:33.882Z]     error: update failed

Answer 1

Score: 1


> [...] failed to delete user myuser: . role "myuser" cannot be dropped because some objects depend on it [...]

DROP USER (or DROP ROLE) cannot proceed while the role still owns anything or has any granted privileges on other objects.

In the GCP Console, in your Cloud SQL instance, you should get rid of all privileges with DROP OWNED (which isn't obvious). The manual:

> [...] Any privileges granted to the given roles on objects in the current
> database and on shared objects (databases, tablespaces) will also be revoked.

So the sequence of commands to drop a role should be:

REASSIGN OWNED BY myuser TO postgres;  
DROP OWNED BY myuser;

Run both commands in every database of the same cluster where the role owns anything or has any privileges.
And then:

DROP USER myuser;
  • REASSIGN OWNED changes ownership for all objects currently owned by the role.
  • DROP OWNED then only revokes privileges (ownerships out of the way).

Try pulumi destroy again.

Finally, you should run ‘pulumi refresh’, and then the CLI should detect that it was deleted and remove it from the stack.
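Added example, not part of the original answer or of Pulumi's code: a Go sketch that lays out the answer's sequence across several databases and double-quotes the role names, since DDL statements cannot take identifiers as bind parameters. `Step`, `quoteIdent` and `DropRolePlan` are hypothetical names; the role and database names are taken from the error log above.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Step is one statement to run while connected to Database.
type Step struct{ Database, SQL string }

// quoteIdent double-quotes a PostgreSQL identifier so a crafted name stays inert.
func quoteIdent(name string) (string, error) {
	if name == "" || strings.ContainsRune(name, 0) {
		return "", errors.New("invalid identifier")
	}
	return `"` + strings.ReplaceAll(name, `"`, `""`) + `"`, nil
}

// DropRolePlan (hypothetical helper) orders the statements as the answer does:
// REASSIGN OWNED and DROP OWNED in every database, then DROP USER once.
func DropRolePlan(role, newOwner string, databases []string) ([]Step, error) {
	r, err1 := quoteIdent(role)
	o, err2 := quoteIdent(newOwner)
	if err1 != nil || err2 != nil || role == newOwner {
		return nil, errors.New("role and new owner must be valid and distinct")
	}
	var steps []Step
	seen := map[string]bool{}
	for _, db := range databases {
		if db == "" || seen[db] {
			continue // skip blanks and duplicates
		}
		seen[db] = true
		steps = append(steps,
			Step{db, "REASSIGN OWNED BY " + r + " TO " + o + ";"},
			Step{db, "DROP OWNED BY " + r + ";"})
	}
	if len(steps) == 0 {
		return nil, errors.New("no databases given")
	}
	// Roles are cluster-wide: drop once, after every database is clean.
	return append(steps, Step{steps[0].Database, "DROP USER " + r + ";"}), nil
}

func main() {
	steps, _ := DropRolePlan("myuser", "postgres", []string{"mydatabases", "postgres"})
	for _, s := range steps {
		fmt.Printf("-- in database %s\n%s\n", s.Database, s.SQL)
	}
}
```

PostgreSQL requires the connecting user to be a member of both the old and the new owner role for REASSIGN OWNED to succeed.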


Answer 2

Score: -1


It looks like there might be an additional database added to that SQL instance that is being accessed and locked. You might have to log in to the SQL instance and drop that db first, then run pulumi refresh, and pulumi destroy. The 400 error is being returned from Google.

huangapple
  • Published on July 6, 2022, 02:32:32
  • When reposting, please keep the link to this article: https://go.coder-hub.com/72874057.html